Computer Security
[EN] securityvulns.ru no-pyccku


Cherokee authentication bypass
Published:04.05.2015
Source:
SecurityVulns ID:14422
Type:remote
Threat Level:
6/10
Description:LDAP authentication allows to authenticate with empty password.
Affected:CHEROKEE : Cherokee 1.2
CVE:CVE-2014-4668 (The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.)
Original documentdocumentMANDRIVA, [ MDVSA-2015:225 ] cherokee (04.05.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod